The invention concerns a data exchange system terminal controlled by portable data carriers, the terminal having several connection units for the connection of exchangeable user data carriers as well as other exchangeable data carriers, and also having at least one data input unit and a circuit means for assuring the performance of identity and authenticity tests.
Data exchange systems with terminals of this type are in constant development to achieve ever more numerous and more versatile uses. Above all, systems with user data carriers in the form of cards with built-in active, integrated semi-conductor circuits (so called chip cards) make possible ever more complex uses in expanded data networks, so that in most cases the trustworthiness and the secrecy of the data transmission takes on preeminent importance. To achieve a reduction in the transmission of large amounts of data (perhaps over large distances), there is a strong tendency to decentralize, that is to relocate data processing functions from central computers of the system to local terminals (generally existing in multiple numbers).
This requires, however, correspondingly more expensive and costly terminals, and to a similar extent also increases the risk of undesired manipulation and unauthorized access to secret data through the terminals. In this respect certain circuit parts are critical, these being those which undertake the testing of identity (authorization of a user to use a given data carrier) and of authenticity (that is the "genuiness" of a data carrier belonging to the system), because such decentralized testing presupposes the storage of secret test keys in the terminals.
Terminals of the aforementioned type with several connecting units for the connection of exchangeable data carriers are, for example, known from U.S. Pat. No. 4,450,535, FIG. 1, or from U.S. Pat. No. 4,809,326. In these devices the circuit means for carrying out the identity and authenticity tests are fixed components of the devices, that is they are built into the terminal, and in them the specific operational program is also stored. For performing the mentioned test procedures the secret test keys and if necessary further secret data must be read out of the exchangeable data carrier and temporarily stored in the device. This therefore results in an expensive and not very flexible construction of the device, and above all the devices are susceptible to unauthorized data access and fraudulent manipulation.